[strongSwan] CERTREQ/CERT question

ABULIUS, MUGUR (MUGUR) mugur.abulius at alcatel-lucent.com
Tue Apr 6 11:37:59 CEST 2010


At "§3.6.  Certificate Payload" the RFC 4306 specifies:

"The Certificate Payload, denoted CERT in this memo, provides a means to transport certificates or other authentication-related information via IKE. Certificate payloads SHOULD be included in an exchange if certificates are available to the sender unless the peer has indicated an ability to retrieve this information from ***elsewhere...***"

One questions related to this paragraph:

Which is strongSwan behaviour when it receives in CERTREQ anchors for which it can't build up a trusted path? Note: TS 33.310 V8.3.0 (2009-06) 3GPP document suggests that the system sends all its CA certificates in this case and let remote to decide.

Best Regards

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100406/318c07ac/attachment.html>

More information about the Users mailing list